甲骨文电子商务套件的零日漏洞,由Clop在2025年8月利用,使远程代码执行和数据盗窃成为可能,促使紧急修补. A zero-day flaw in Oracle’s E-Business Suite, exploited by Clop in August 2025, enabled remote code execution and data theft, prompting urgent patching.

2025年8月被Clop集团利用的Oracle电子商业套件在Oracle电子商业套件中处于严重的零天脆弱性,使得无法未经认证的远程代码执行,并导致数据盗窃和敲诈企图。 A critical zero-day vulnerability in Oracle’s E-Business Suite, exploited by the Clop group in August 2025, enabled unauthenticated remote code execution and led to data theft and extortion attempts. 该缺陷在CVSS规模上被评为9.8,影响12.2.3至12.2.14版本,并被用于一场广泛的运动中,Cloop发送赎金要求威胁性数据泄漏。 The flaw, rated 9.8 on the CVSS scale, affects versions 12.2.3 through 12.2.14 and was used in a widespread campaign, with Clop sending ransom demands threatening data leaks. 证据表明,散落的拉普苏斯猎人可能已经分享了利用工具。 Evidence suggests the Scattered Lapsus$ Hunters may have shared exploit tools. 甲骨文释放了一个紧急补丁,但整个违规情况仍不得而知,敦促各组织立即进行更新。 Oracle has released an emergency patch, but the full extent of breaches remains unknown, and organizations are urged to update immediately.